Communications security methods for supporting end-to-end security associations
Abstract
Methods and apparatus facilitating mobile node paging in a system where a mobile node is able to hand off application processing to an application proxy are described. Paging determinations are made based on application processing results corresponding to processing the content of multiple packet payloads. In some cases paging determinations are made based on processing the payload of a single packet in conjunction with information received from a mobile node, e.g., intermediate application processing results, mobile node state information, etc. To facilitate application processing handoffs in a manner that is transparent to a peer node involved in an ongoing communications session with the mobile node, security information may be passed between the mobile node and the application proxy node in a manner that is transparent to the peer node allowing an end to end security association to be maintained throughout the communications session with the peer node.
21 Claims
1. A communications method for use in a system including comprising a first, second and third nodes, and a first secret, said first secret being shared between the first and second nodes to secure communications between said first and second nodes, the method comprising:
- operating the first node to establish a secure communications session with said second node using the first shared secret to secure the contents of packets communicated from the first node that are directed to the second node as part of the secure communications session;
- operating a third node which is coupled to said first and second nodes to maintain in memory a copy of said first shared secret; and
- operating the third node to receive a secure flow of packets from the first node that are directed to said second node as part of the secure communications session.
Dependent claims: 2, 3, 4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
5. The method of claim 5, wherein said third node operates as an application proxy for said second node during said secure communications session without informing said first node that the third node is acting as a proxy in the place of said second node.
19. A communications system, comprising:
- a first node including a first shared secret and a communications application for establishing a secure communications session using said first shared secret to secure packets communicated as part of said secure communications session;
- a mobile node including said first shared secret, a second shared secret, and at least one communications application for maintaining a secure communications session with said first node using said first shared secret;
- an intermediate node, coupled to said first node and said mobile node, said intermediate node including said first shared secret and said second shared secret, said intermediate node including;
  - means for processing packets directed by said first node towards said mobile node as part of a secure communications session using said first shared secret; and
  - means for sending a message to said first node secured by said first shared secret indicating successful receipt of said packets by said mobile node.
Dependent claims: 20, 21
Specification